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DETAILED ACTION 

Response to Amendment 

1 . This office action is in response to the Applicants' Amendment After Non-Final 
Amendment filed on February 16, 2011. Claims3-13, 15, 17-19 and 27-29 are 
presented for further consideration and examination. 

2. Applicants' request for reconsideration of the Non-Final Rejection dated August 1 6, 201 0 
is persuasive and, therefore, the Office Action dated August 16, 2010 is withdrawn and 
is now replaced with this current Office Action. 

Response to Argument 

3. Applicants' arguments, see pg.7-14, filed February 16, 201 1 , have been fully considered 
and are persuasive. Therefore, the Office Action dated August 16, 2010 is withdrawn 
and is now replaced with this current Office Action. 

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 1 01 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claim 29 is rejected under 35 USC § 101 because the claims are not limited to tangible 
embodiments since they do not claim physical articles or objects as part of the claims to 
establish a statutory category as a machine or manufacture, and they are clearly not to a 
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process or composition of matter. As claimed, "A computer readable medium containing 
executable program instructions...'- 'fails to fall within a statutory category of invention; 
because it is well known that computer readable medium includes both transitory and 
non-transitory types of media, with the former being non-statutory. As such, the above 
claims are not limited to statutory subject matter and are, therefore, non-statutory. 
Hence, in order to overcome this 35 USC § 101 rejection, the above claims need to be 
amended to include only the physical computer media and not a transmission media or 
other intangible or non-functional media. The Examiner suggests a possible amendment 
to be "A non -transitory computer readable medium containing executable program 
instructions..." 



Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



7. Claims 3, 6, 12-13, 15. 17 and 27-29 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Hoese et al. (US6789152B2) and in view of Shu et al. 
(US7555772B2). 



8. With regard to claims 27-29 , Hoese discloses a system comprising: 

• a processor; a memory coupled to the processor; (Hoese, col.6, lines 3-1 8) 
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Hoese discloses, "To accomplish its functionality, one implementation of the 
storage router uses: ...an Intel 80960RP processor, incorporating independent 
data and program memory spaces..." Hence, Hoese teaches of the storage 
router (i.e., Applicants' system) including an Intel processor (i.e., Applicants' 
processor) and memory spaces (i.e., Applicants' memory). 

• a storage operating system resident in the memory and executed by the 
processor, the storage operating system implementing a file system configured to 
provide storage service of information stored on the system; (Hoese, col. 6, lines 
3-18) 

Hoese discloses, "To accomplish its functionality, one implementation of the 
storage router uses: . . . and an operating system based upon the WIND RIVERS 
SYSTEMS VXWORKS or IXWORKS kernel, as determined by design. In 
addition, the storage router includes software as required to control basic 
functions of the various elements, and to provide appropriate translations 
between the FC and SCSI protocols". Hence, Hoese teaches of the storage 
router (i.e., Applicants' system) including an operating system (i.e., Applicants' 
storage operating system) and would be inherent to include a file system (i.e., 
Applicants' file system) in order to control basic functions and to provide 
translations among protocols (i.e., Applicants' provide storage information). 

• a plurality of network interfaces configured to process received block-based 
protocol data access requests^, each network interface assigned to one or more 
network addresses, each network interface further assigned an identifier that 
binds the network interface to an address space that includes the one or more 
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network addresses; and (Hoese, col.3, lines 41-43; col.2, lines 12-15; col.7, lines 
34-38; figure 2) 

Hoese discloses, "Storage router 44 routes requests from initiator devices on one 
medium to target devices on the other medium and routes data between the 
target and the initiator". Hoese discloses, "The storage router then allows access 
from the workstations to the SCSI storage devices using native low level, block 
protocol in accordance with the mapping and the access controls". Hence, 
Hoese teaches of the storage router (i.e., Applicants' system) allowing access 
(i.e., Applicants' configured to process) to the workstations' requests (implied) 
using native level, block protocol and routing them (i.e., Applicants' block-based 
protocol data access request) from initiator device (e.g., workstation) implying 
that the storage router must have received the request via network interface 
(implied) (i.e., Applicants' network interface). Hoese discloses, "A primary 
method of addressing management commands though the FCP and SCSI 
interfaces can be through peripheral device type addressing. For example, the 
storage router can respond to all operations addressed to logical unit (LUN) zero 
as a controller device". Hence, Hoese teaches of the interfaces addressed to 
logical unit (LUN) zero (i.e., Applicants' identifier that binds the network interface 
to an address space including one or more network addresses) and it is well 
known in the art that network interfaces include 'hard-coded' (e.g., MAC) address 
(i.e., Applicants' network interface assigned to one or more network addresses. 
• a plurality of context data structures stored in the memory and containing 
configuration information to establish a plurality of instances of virtual servers 
executed by the processor, . . . each virtual server further configured to share 
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access to the file system to service the block-based protocol data access 
requests by converting the block-based protocol data access requests to 
appropriate file system data requests when providing the storage service of the 
information stored on the system. (Hoese, col.4, lines 17-22; col. 2, lines 1-4; 
col.2, lines 12-15; col.6, lines 15-18; figure 3) 

Hoese discloses, "As shown in FIG. 3, for example, storage device 60 can be 
configured to provide global data 65 which can be accessed by all workstations 
58. Storage device 62 can be configured to provide partitioned subsets 66, 68, 
70 and 72, where each partition is allocated to one of the workstations 58 
(workstations A, B, C and D)". Hence, Hoese teaches of storage device 62 
configured with configurations (implied) (i.e., Applicants' context data structures) 
to provide partitioned subsets 66, 68, 70 and 72 (i.e., Applicants' instances of 
virtual servers). Hoese discloses, "According to one aspect of the present 
invention, a storage router and storage network provide virtual local storage on 
remote SCSI storage devices to Fibre Channel devices". Hoese discloses, "The 
storage router then allows access from the workstations to the SCSI storage 
devices using native low level, block protocol in accordance with the mapping 
and the access controls". Hoese discloses, "In addition, the storage router 
includes software as required to control basic functions of the various elements, 
and to provide appropriate translations between the FC and SCSI protocols". 
Hence, Hoese teaches of the storage router (i.e., Applicants' system) and the 
storage network providing virtual local storage (i.e., Applicants' virtual server) that 
is capable of allowing access (i.e., Applicants' to service) to the workstations' 
requests (implied) using native level, block protocol and routing them (i.e., 
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Applicants' block-based protocol data access request) from initiator device (e.g., 
workstation) by providing appropriate translations (i.e., Applicants' converting) 
between the FC and SCSI protocols. 
However, Hoese does not explicitly disclose, 

• ... each virtual server allocated resources that include a partitioning of the 
network interfaces and assigned network addresses to establish a distinct 
security domain for that virtual server that enables controlled access to the 
allocated network interfaces and assigned network addresses, . . . 

Shu teaches, 

• ... each virtual server allocated resources that include a partitioning of the 
network interfaces and assigned network addresses to establish a distinct 
security domain for that virtual server that enables controlled access to the 
allocated network interfaces and assigned network addresses, . . . (Shu, col. 8, 
lines 55-62) 

Shu discloses, "A firewall can be partitioned into multiple virtual systems. Either 
or both of the Gi Firewall 163 or GTP Firewalls 143 can be within a virtual 
system. Each virtual system is a unique security domain and can be managed 
by administrators who can individualize (e.g., including setting up address books 
and policies) the security protections for the given domain. The Gi Firewall 163 
and GTP Firewall 143 can be either in the same virtual system or in different 
virtual systems" (Shu, col. 8, lines 55-62). Hence, Shu teaches of different virtual 
systems 143 and 163 (i.e., Applicants' each virtual server) with their own 
communication modules 147 and 167 (e.g., communication interfaces) (i.e., 
Applicants' allocated resources that include partitioning of network interfaces and 
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addresses) to provide a unique security domain (i.e., Applicants' to establish a 
distinct security domain). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Shu with the teachings of Hoese 
to improve Hoese's teachings of partitioned subsets of virtual servers by 
implementing Shu's teachings to utilize firewalls to set up distinct security domains in 
order to provide sufficient security check among members accessing their 
appropriate data stores. 



9. With regard to claims 3 and 1 7 , Hoese and Shu disclose a system, 

• further comprising storage media configured to store information as units of 
storage resources, the units of storage resources allocated among each of the 
virtual servers. (Hoese, col.4, lines 17-22; figure 3) 

Hoese discloses, "As shown in FIG. 3, for example, storage device 60 can be 
configured to provide global data 65 which can be accessed by all workstations 
58. Storage device 62 can be configured to provide partitioned subsets 66, 68, 
70 and 72, where each partition is allocated to one of the workstations 58 
(workstations A, B, C and D)". Hence, Hoese teaches of storage device 62 (i.e., 
Applicants' storage media) configured with configurations (implied) (i.e., 
Applicants' context data structures) to provide partitioned subsets 66, 68, 70 and 
72 (i.e., Applicants' units of storage resources among instances of virtual 
servers). 
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1 0. With regard to claim 6 . Hoese and Shu disclose a system, 

• wherein the file system is configured to perform a boundary check to verify that a 
request is allowed to access certain units of the storage resources on the storage 
media, each virtual server further configured to create virtual disks within the 
units of storage resources and wherein each of the virtual disks is associated 
with one or more of the virtual servers. (Hoese, col. 2, lines 12-15; figure 3) 
Hoese discloses, "The storage router then allows access from the workstations to 
the SCSI storage devices using native low level, block protocol in accordance 
with the mapping and the access controls". Hoese discloses, "These subsets 66, 
68, 70 and 72 can only be accessed by the associated workstation 58 and 
appear to the associated workstation 58 as local storage accessed using native 
low level, block protocols". Hence, Hoese teaches of the partitioned subsets can 
only be accessed by the associated workstations implying that there is an access 
check (i.e., Applicant's access check) based on the particular container (i.e., 
Applicant's boundary). 



1 1 . With regard to claims 12-13 , Hoese and Shu disclose a system, 

• wherein the block-based protocol comprises iSCSI. (Hoese, col.2, lines 1 -9) 
Hoese discloses, "According to one aspect of the present invention, a storage 
router and storage network provide virtual local storage on remote SCSI storage 
devices to Fibre Channel devices. A plurality of Fibre Channel devices, such as 
workstations, are connected to a Fibre Channel transport medium, and a plurality 
of SCSI storage devices are connected to a SCSI bus transport medium. The 
storage router interfaces between the Fibre Channel transport medium and the 
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SCSI bus transport medium". Hence, Hoese teaches of block based protocols 
SCSI (i.e., Applicants' iSCSI) and Fibre Channel (i.e., Applicants' FCP). 

• wherein the block-based protocol comprises FCP. (Hoese, col. 2, lines 1 -9) 

1 2. With regard to claim 15 . Hoese and Shu disclose a system, 

• wherein the system is further configured to process data access requests in 
response to one or more file-level protocols. (Hoese, col. 2, lines 1-9) 
Hoese discloses, "According to one aspect of the present invention, a storage 
router and storage network provide virtual local storage on remote SCSI storage 
devices to Fibre Channel devices. A plurality of Fibre Channel devices, such as 
workstations, are connected to a Fibre Channel transport medium, and a plurality 
of SCSI storage devices are connected to a SCSI bus transport medium. The 
storage router interfaces between the Fibre Channel transport medium and the 
SCSI bus transport medium". Hence, Hoese teaches of file-level block based 
protocols SCSI and Fibre Channel (i.e., Applicants' one or more file-level 
protocols). 

1 3. Claims 4-5 and 18-19 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Hoese et al. (US6789152B2), in view of Shu et al. (US7555772B2) and further in view of 
Mane et al. (US20050050107A1). 

14. With regard to claims 4-5 and 18-19 , Hoese and Shu disclose a system, 

See claims 3 and 1 7 rejection as detailed above. 
However, Hoese and Shu do not explicitly disclose, 
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• wherein the units of storage resources comprise volumes. 

• wherein the units of storage resources comprise qtrees. 
Mane teaches, 

• wherein the units of storage resources comprise volumes. (Mane, para.25) 
Mane discloses, "The processor 25 includes a number of program layers, 
including a network interface 26 for coupling to the data network, a file system 
layer 27 for organizing data into a hierarchical file system of files and directories, 
a volume layer 28 for organizing the data into logical volumes of data blocks, and 
a Small Computer System Interface (SCSI) driver 29 for linking the volume layer 
28 to the disk storage 24". Hence, Mane teaches of logical volumes of data 
blocks (i.e., Applicant's volumes) as units of storage resources. 

• wherein the units of storage resources comprise qtrees (Mane, para. 6) 
Mane discloses, "In accordance with another aspect, the invention provides a 
method of maintaining quotas for storage resources used by a file server for 
storing files in selected directory trees of a file system. The file server has a tree 
quota database of usage values of the storage resources and limit values for the 
storage resources for the selected directory trees of the file system". Hence, 
Mane teaches of a tree quota database (i.e., Applicant's qtree) as a unit of 
storage resources. 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of Mane with the teachings of 
Hoese and Shu to improve Hoese and Shu's teachings of partitioned subsets of 
virtual servers utilizing firewalls to set up distinct security domains by implementing 
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Mane's teachings of utilizing qtree in order maintaining quotas for storage resources 
used by a file server. 



15. Claims 7- 1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hoese et 
al. (US6789152B2), in view of Shu et al. (US7555772B2) and further in view of George 
et al. (US7010663B2). 



16. With regard to claim 7 . Hoese and Shu disclose a system, 
See claim 6 rejection as detailed above. 
However, Hoese and Shu do not explicitly disclose, 

• wherein the storage operating system further comprises a user interface having a 
command set configured to operate on virtual disks, and wherein the command 
set executes within a context of a virtual server. 

George teaches, 

• wherein the storage operating system further comprises a user interface having a 
command set configured to operate on virtual disks, and wherein the command 
set executes within a context of a virtual server. (George, col. 5, lines 33-41) 
George discloses, "Referring now to FIG. 2, the data storage device 120 of FIG. 

1 is shown that provides for managing a plurality of virtual LUNs over one or 
more existing volumes of storage within the storage device 120, in accordance 
with one embodiment of the present invention. The data storage device 120 
comprises two interfaces for receiving and sending command line interface (CLI) 
instructions and Input/Output (I/O) data. The interfaces include a CLI interface 
and a hypertext transfer protocol (HTTP) interface". Hence, George teaches of 
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two interfaces (i.e., Applicant's user interface) for receiving and sending 
instructions (i.e., Applicant's having a command set) for managing (i.e., 
Applicant's configured to operate on) a plurality of virtual LUNs (i.e., Applicant's 
virtual disks) over one or more existing volumes of storage via the virtualization 
layer (i.e., Applicant's within a context of a virtual server). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to combine the teachings of George with the teachings of 
Hoese and Shu to improve Hoese and Shu's teachings of partitioned subsets of 
virtual servers utilizing firewalls to set up distinct security domains by providing the 
expansion of an existing data storage system into a plurality of virtual data storage 
systems. 

17. With regard to claims 8-9 . Hoese, Shu and George disclose a system, 

• wherein the user interfaces comprises a command line interface (CLI) configured 
to support the command set. (George, col. 5, lines 33-41 ) 

George discloses, "The data storage device 120 comprises two interfaces for 
receiving and sending command line interface (CLI) instructions and Input/Output 
(I/O) data. The interfaces include a CLI interface and a hypertext transfer 
protocol (HTTP) interface". 

• wherein the CLI comprises a lun command configured to perform operations to a 
virtual disk associated with the context of the virtual server. (George, col. 5, lines 
42-54) 

George discloses, "Typically, the CLI interface provides access by a user (e.g., 
system administrator) to configure, update, and/or modify the data storage device 
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120, such as, creating or removing virtual LUNs, and expanding or reducing the 
size of virtual LUNs, etc". 



18. With regard to claims 10-11 , Hoese, Shu and George disclose a system, 

• wherein the lun command creates a logical unit number on the file system, the 
logical unit number being associated with the context of the virtual server. 
(George, col. 5, lines 42-54) 

George discloses, "Typically, the CLI interface provides access by a user (e.g., 
system administrator) to configure, update, and/or modify the data storage device 
120, such as, creating or removing virtual LUNs, and expanding or reducing the 
size of virtual LUNs, etc". 

• wherein the CLI comprises an igroup command that generates a set of file 
system primitive for binding an initiator group to one or more initiator addresses 
and wherein the initiator group is associated with the context of the virtual server. 
(George, col. 5, lines 42-54) 



Conclusion 

1 9. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Thomas Duong whose telephone number is 571/272-391 1 . The 
examiner can normally be reached on M-F 7:30AM - 4:00PM. If attempts to reach the 
examiner by telephone are unsuccessful, the examiner's supervisor, Joseph Avellino 
can be reached on 571/272-3905. The fax phone numbers for the organization where 
this application or proceeding is assigned are 571/273-8300 for regular communications 
and 571/273-8300 for After Final communications. 
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/Thomas Duong/ 

Patent Examiner, Art Unit 2454 

February 22, 2011 

/Joseph E. Avellino/ 

Supervisory Patent Examiner, Art Unit 2454 



